<?php

include_once "settings.php";
include_once "odbc.php";
include_once "messages.php";

//$sql = "select o.id, t.text from ontology o, term t where o.term_id = t.id and t.lang_id = 1";
//getData($sql, $aaa);
//print_r($aaa);
/*$filename = "out.txt";
$handle = fopen($filename, "rb");
$contents = fread($handle, filesize($filename));
fclose($handle);

$sql = 'update term set text="'.$contents.'" where id=125524';
insertRecord($sql);
die("yes");*/

global $_GET, $_POST, $_SERVER, $session_expiration_time, $language, $style;

//check supplied password
if (isset($_POST["password"]) && isset($_POST["login"])) {
  $data = array();
  //print ($_POST["login"].$data["fname"].$_POST["password"].md5($_POST["password"]));
  if (getData("select * from user where login='".
              $_POST["login"]."' and pwd='".
              md5($_POST["password"])."';", $data) == 1) {

    //print ($_POST["login"].$data["fname"].$_POST["password"].md5($_POST["password"]));
    //generate new unique session id
    $session_id = md5(uniqid("auto"));
    while (getData("select * from session where session_id='".
                    $session_id."';", $datatmp) == 1) {
      sleep(1);
      $session_id = md5(uniqid("auto"));
      //print "<pre>".session_id()."</pre>";
    }

    //is there exist a session for this user?
    if (getData("select * from session where user_id=".
                $data["user_id"].";", $datatmp) == 1) {
      //delete it!
      insertRecord("DELETE FROM session WHERE session_id='".
                    $datatmp["session_id"]."';");
    }

    //create a new session
    //$date = time()/(60*60*24) + 25569 - gmdate("H")/24 + date("H")/24;
    $date = date("Y-m-d H:i:s");
    $sql_str = "INSERT INTO session (session_id, user_id, ip, last_active) VALUES('".
                $session_id."',".
                $data["user_id"].",'".
                $_SERVER["REMOTE_ADDR"]."', '".
                $date."');";
    insertRecord($sql_str);


    $language["interface"] = $data["lang"];
//	PAS inserted the line 2007-01-15	
    $language["content"] = $data["lang"];

    $style = $data["style"];

    //go to target module
    if (!isset($_GET["trg"])) $_GET["trg"] = "main";
    include $_GET["trg"].".php";
  }
  else { //worng login or password
    $message_text = getMessage("Wrong password");
    include "login.php";
  }
}
else if (isset($_GET["sid"])) { //session_id is set
  //print "<pre>".$_GET["trg"]."</pre>";
  if (isset($_GET["sid"])) {
    $session_id = $_GET["sid"];
    //is there exist such a session?
    if (getData("select * from session, user where session.user_id=user.user_id AND session_id='".
                $session_id."';", $data) == 1) {
      //is it recent enough?
      list($usec, $sec) = explode(" ", microtime());
      $sec = (int)$sec - (int)strtotime($data["last_active"]);
      //print "<pre>".$sec."</pre>";
      if ($sec <= $session_expiration_time) {
        //update session time
        $date = date("Y-m-d H:i:s");//time()/(60*60*24) + 25569 - gmdate("H")/24 + date("H")/24;
        $sql_str = "UPDATE session SET session.last_active = '".$date.
        "' WHERE session_id = '".$session_id."';";
        insertRecord($sql_str);
        $language["interface"] = $data["lang"];

//	PAS inserted the line 2007-01-15	
    	$language["content"] = $data["lang"];

        $style = $data["style"];
        if (!isset($_GET["trg"])) $_GET["trg"] = "main";
        switch ($_GET["trg"]) {
          case "main": include "main.php"; break;
          case "admin": include "ADMIN/admin.php"; break;
          case "user": include "USER/user.php"; break;
          case "ontoedit": include "ONTOEDIT/ontoedit.php"; break;
          case "merger": include "MERGER/merger.php"; break;
          case "merger_choise": include "MERGER/merger_choise.php"; break;
          case "drawmerg": include "DRAWMERG/drawmerg.php"; break;
          case "importexport": include "IMPORTEXPORT/importexport.php"; break;
          case "termsearcher": include "TERMSEARCHER/termsearcher.php"; break;
          default: //including "logout"
            insertRecord("DELETE FROM session WHERE session_id='".$session_id."';");
            include "login.php";
            break;
        }
      }
      else {
        $message_text = getMessage("Expired");
        include "login.php";
      }
    }
    else {
      $message_text = getMessage("Not logged");
      include "login.php";
    }
  }
  else {
    $message_text = getMessage("Not logged");
    include "login.php";
  }
}
else { //user has to login first
  $message_text = getMessage("Not logged");
  include "login.php";
}

show_page();
?>